| Commit message | Author | Age | Files | Lines |
| |
o Update copyright date
| |
1) make libnfnetlink dynamically allocate its handles
2) apply that change throughout libnetfilter_*
3) add {nfq,nflog,nfct}_open_nfnl() functions that open
the specific subsystem on top of an existing nfnl_handle,
which is required for upcoming libnetfilter_conntrack_helper
The changes break ABI and API compatibility of libnfnetlink, but don't
break ABI or API compatibility of the libnetfilter_* libraries.
| |
o clean up layer-4 compare functions
o finish the comparison infrastructure: support for tuple/mark matching
o fix bug in the default event display when used in conjunction with the
comparison infrastructure.
o Bumped version to 0.0.30
Thanks to Yasuyuki Kozakai for:
[LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections
that is included in this commit.
| |
Another reason to use such type: the nfnetlink header uses u_int8_t to set
the layer 3 protocol family, so let's keep some consistency.
| |
Towards ipv6 support.
| |
the ipv6 support comes.
| |
o Added the comparison infrastructure for layer-4 protocols
o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure
o Added nfct_conntrack_compare to compare two conntracks based on flags
o Killed nfct_event_netlink_handler
o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast)
o Bumped version to 0.29
| |
linux_nnfnetlink_conntrack.h
| |
update_conntrack, and it doesn't even fit well for both cases. So I decided to
kill it and inline the code, adapting it when it was necessary.
o Convert all unsigned int/long to POSIX types u_int32_t. Better now than
later :(.
| |
o fixed ICMP ID handling
o fix -> libtool: link: libtool library `nfct_proto_*.la' must begin with `lib'
o remove wrong flag at extensions/Makefile.am
o bumped version to 0.0.26
o fixed versioning :(
| |
o nfct_build_conntrack flit bits of status, timeout, id and mark.
o finish incomplete support for marks: kernel part missing (patch on the way)
o network byte order translation in build_conntrack instead of
nfct_conntrack_alloc. Now this translation is transparent to the clients of
the library.
o Kill last blank space output in nfct_sprintf_[conntrack|expect] (Thanks to
Krzysztof Oledzk for reporting this).
o add missing initialization of buffer in nfct_default_*_display.
o Bumped version to 0.2.5.
| |
o Redefine NFCT_ALL_CT_GROUPS
o Fix typemsg2enum prototype, flags and type are 16 bits long, not 8 bits
o Fix wrong expectation timeout and ID output
o Fix getting and killing conntracks by ID
| |
Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;)
List of changes:
o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS
o Update test file to use NFCT_ALL_GROUPS
o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in
conjunction with events.
o Fix ICMP conntracks output
o Add missing prototype definition of nfct_default_expect_display_id in
libnetfilter_conntrack.h
| |
o Bumped version to 0.2.2
| |
o move build_tuple_proto and build_protoinfo to the extensions where it
really belongs to.
o Reworked the conntrack and expect netlink handlers
o Fix expectation table output, now it's similar to the /proc output
o Bumped version to 0.2.1
| |
o libnetfilter_conntrack.h split into two parts: what is visible to
application programs and what is visible to extensions.
o Killed includes asm/types.h and linux/if.h
o Fixed nasty wrong ipv6 definition
o Stolen the status bits from ip_conntrack.h, we don't include ip_conntrack.h
anymore.
o move nfct_handle to libnetfilter_conntrack.c: better for encapsulation
| |
o Added some very brief comments to libnetfilter_conntrack.h
o Implemented the conntrack printers API nfct_sprintf_*
o Now nfct_default_conntrack_display displays the classical /proc output,
and nfct_default_conntrack_display the classical + conntrack ids
o Use nfnl_talk if there's no data expected from kernel space to be processed,
that is the case of nfct_[get|delete]_conntrack
o Added some missing memset's zeroing
o Code simplification: killed some char *buf where struct nfnlhdr is enough
o Killed protocol handler destructors (fini) and nfct_unregister_proto: The
library is unloaded if something goes wrong (different library versions), the
modules never get inserted in the proto_list. Fixes a segfault.
o Bumped version to 0.2.0
| |
o NFCT_COUNTERS split into NFCT_COUNTERS_[ORIG|RPLY]
o all global vars are now static
o kill nfct_set_handler, it was too much
o fixed very stupid bug in counters printing
o fixed conntrack getting: invalid netlink flags NLM_F_[ROOT|MATCH]
o nfnl_send returns the proper error to the client, instead of returning -1
o some cleanups: killed the ret, it was useless
o test for the conntrack API completed, still missing the expectation test
| |
o Define NFCT_ANY_GROUP flag
o Now callback can return a value to stop receiving events
o implement nfct_unset_callback()
| |
o Add support for ID's
o Fixed stupid bug in NFCT_* flags, I'm stupid
o Simplify handler logic
o Define event message NFCT_MSG_*
o Add support for conntrack marking (kernelspace part still missing)
| |
the first 1.0 release
| |
o fix some indentation
o fix a leak on error path in ncft_open()
| |
unknown reason this didn't happen in the latest commit.
| |
We provide a high-level interface that abstracts from the netlink
sockets. Now users don't need to know anything about them.
| |
include/Makefile.am.
- Rename list_conntrack_handler to callback_handler, IMHO a proper name for such function.
- Use new nfnl_open prototype: Now it's got four parameters.
- Kill recurrent definition of the structure nfnlhdr: Actually this should go somewhere in
libnfnetlink, later.
- Ignore utils subdirectory. It contains a testsuite that is currently broken. Yes I know you're
aware of it ;) it's on the TODO list. I'll fix later.
- ctnl_error now has a nicer definition.
- kill some unneeded ctnl_error messages on failure.
(Pablo Neira)
| |
libnfnetlink_conntrack library:
a) change ctnl_open prototype: Now the subsystem is passed as parameter to
select if we are working with a given subsystem, say
NFNL_CTNETLINK_CONNTRACK[_EXP].
b) added functions ctnl_[new|get|del]_expect
c) minor change in ctnl_build_tuple that let us create tuples based on CTA_*
and CTA_EXPECT_* attributes.
(Pablo Neira)